Skip site navigation (1) Skip section navigation (2)

Re: Fixing insecure security definer functions

From: "Merlin Moncure" <mmoncure(at)gmail(dot)com>
To: "Merlin Moncure" <mmoncure(at)gmail(dot)com>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Fixing insecure security definer functions
Date: 2007-03-29 18:18:03
Message-ID: b42b73150703291118x2ea4f677v44310d551cace54f@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On 3/29/07, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Merlin Moncure (mmoncure(at)gmail(dot)com) wrote:
> > fwiw, I think this is a great solution...because the default behavior
> > is preserved you get through without any extra guc settings (although
> > you may want to add one anyways).
>
> I agree that the proposed solution looks good.
>
> > maybe security definer functions should raise a warning for implicit
> > PATH NONE, and possibly even deprecate that behavior and force people
> > to type it out in future (8.4+) releases.
>
> While I agree that raising a warning makes sense I don't believe it
> should be forced.  There may be cases where, even in security definer
> functions, the current search_path should be used (though, of course,
> care must be taken in writing such functions).

I agree...I'm just suggesting to make you explicitly write 'PATH NONE'
for security definer functions because of the security risk...just a
thought though.

merlin

In response to

pgsql-hackers by date

Next:From: Tom LaneDate: 2007-03-29 18:19:38
Subject: Re: Fixing insecure security definer functions
Previous:From: Tom LaneDate: 2007-03-29 18:14:21
Subject: Re: Patch queue concern

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group